Home / / Large-scale malvertising campaign hits Yahoo ad network

Large-scale malvertising campaign hits Yahoo ad network

Cyber-criminals purchase ads across web giant's portals, deploying kit aimed at Adobe Flash

Large-scale malvertising campaign hits Yahoo ad network
Yahoo responded immediately when notified of the campaign, which is now no longer active

A large-scale malvertising attack using Yahoo's advertisement network to deliver malware to visitors was uncovered this week by security company Malwarebytes.

In a blog post announcing the attack, which purportedly began on July 28, Malwarebytes described the campaign as one of the largest malvertising attacks it had ever seen. The security company said that Yahoo responded immediately when it was notified of the campaign, which is now no longer active.

Still, the web giant sees 6.9bn visitors per month across its various portals, meaning that, even if the campaign only ran for a few days, large numbers of users could have been infected.

"Malvertising is a silent killer because malicious ads do not require any type of user interaction in order to execute their payload. The mere fact of browsing to a website that has adverts (and most sites, if not all, do) is enough to start the infection chain," the vendor's post said.

For the campaign, cyber-criminals purchased advertisements across Yahoo's ad network. When users logged onto the site and presented with the ads, a redirect chain would begin, eventually taking the user to a download of the Angler Exploit Kit, which would in turn would search for an old version of Adobe Flash. If the computer was running an unpatched version of Adobe Flash, the malware would find an exploit, and deliver a payload of either the CryptoWall ransomware, or else the Bedep ad fraud software.

Given the attack relies on vulnerabilities in Flash, many in the industry have used this week's news to voice their anxiety over the graphics program.

For its part, Adobe advised users to ensure that they were running the latest version of Flash, which is immune from this latest attack.

Yahoo, meanwhile, said that it had taken action to stop the attack, and that users of its sites are now no longer at risk.

"Yahoo is committed to ensuring that both our advertisers and users have a safe and reliable experience. As soon as we learned of this issue, our team took action and will continue to investigate this issue. Unfortunately, disruptive ad behaviour affects the entire tech industry," the company said in a statement.

Follow us to get the most comprehensive IT Security news delivered fresh from our social media accounts on Facebook, Twitter, Youtube, and listen to our Weekly Podcast. Click here to sign up for our weekly newsletter on curated technology news in the Middle East and Worldwide.

REGISTER NOW | Webinar Event | Security you can bank on – Safeguarding the Middle East’s financial sector

Presented in partnership with security and network specialist Cybereason, the second in the three part webinar series will bring together a panel of experts to discuss how banks and financial institutions are evolving their service offering while simultaneously staying one step ahead of the cyber criminals who seek to bring their operations crashing to the ground.